Providing context-based visibility of cloud resources in a multi-tenant environment
Abstract
A secure tag generation service is associated with a cloud infrastructure. This service establishes a security context for a particular cloud tenant based on a tenant's security requirements, one or more cloud resource attributes, and the like. The security context is encoded into a data structure, such as a tag that uniquely identifies that security context. The tag is then encrypted. The encrypted tag is then propagated to one or more cloud management services, such as a logging service. When one or more cloud resources are then used, such use is associated with the encrypted security context tag. In this manner, the encrypted tag is used to monitor activities that are required to meet the security context. When it comes time to perform a security or compliance management task, any cloud system logs that reference the encrypted security context tag are correlated to generate a report for the security context.
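A sketch of the flow the abstract describes (derive a context, issue an opaque tag, attach it to log events, correlate by tag), added here as an illustration and not taken from the patent. `TagService`, the log fields and the key are hypothetical, and a keyed HMAC token stands in for the encrypted tag because the abstract names no cipher.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real service would keep this in a KMS or HSM.
SERVICE_KEY = b"demo-key-constructed-for-this-example"

def derive_context(tenant, resource_meta, requirements):
    """Build the security context from resource metadata and tenant input."""
    ctx = {"tenant": tenant, "resource": resource_meta,
           "requirements": sorted(requirements)}
    # Canonical JSON so the same context always yields the same tag.
    return json.dumps(ctx, sort_keys=True, separators=(",", ":"))

def make_tag(context, key=SERVICE_KEY):
    """Opaque keyed tag (assumption: HMAC stand-in for the encrypted tag)."""
    digest = hmac.new(key, context.encode(), hashlib.sha256).hexdigest()
    return "sctx-" + digest[:32]

class TagService:
    """Hypothetical tag service; only it can map a tag back to a context."""

    def __init__(self):
        self._registry = {}

    def issue(self, tenant, resource_meta, requirements):
        context = derive_context(tenant, resource_meta, requirements)
        tag = make_tag(context)
        self._registry[tag] = context
        return tag

    def report(self, tag, log_entries):
        """Correlate log entries that carry `tag` into a per-context report."""
        if tag not in self._registry:
            raise KeyError("unknown security context tag")
        events = [e for e in log_entries if e.get("tag") == tag]
        return {"context": json.loads(self._registry[tag]), "events": events}

def demo():
    svc = TagService()
    tag_a = svc.issue("tenant-a", {"type": "vm", "region": "eu"}, ["pci"])
    tag_b = svc.issue("tenant-b", {"type": "vm", "region": "eu"}, ["hipaa"])
    logs = [  # constructed entries, as a logging service might store them
        {"tag": tag_a, "event": "vm.start"},
        {"tag": tag_b, "event": "vm.start"},
        {"tag": tag_a, "event": "disk.attach"},
        {"event": "untagged.maintenance"},
    ]
    return svc, tag_a, tag_b, logs, svc.report(tag_a, logs)
```

The logging side stores only the opaque tag, so entries from different tenants sit in one log without exposing tenant names or requirements to it.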
21 Claims
1-7. (canceled)
8. Apparatus, comprising:
one or more processors;
computer memory holding computer program instructions that when executed by the one or more processors perform resource security and compliance monitoring in a multi-tenant cloud computing infrastructure by the following operations;
for a given tenant, deriving a security context from cloud resource meta-data and user-specific input data;
propagating a data string uniquely representing the security context to one or more cloud resource automation systems that monitor the cloud computing infrastructure;
associating the data string to one or more activities being monitored by the one or more cloud resource automation systems; and
responsive to a request, correlating information that includes the data strings to generate a security context-specific response.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product in a non-transitory computer readable medium for use in a data processing system to perform resource security and compliance monitoring in a multi-tenant cloud computing infrastructure, the computer program product holding computer program instructions which, when executed by one or more data processing systems, perform a method comprising:
for a given tenant, deriving a security context from cloud resource meta-data and user-specific input data;
propagating a data string uniquely representing the security context to one or more cloud resource automation systems that monitor the cloud computing infrastructure;
associating the data string to one or more activities being monitored by the one or more cloud resource automation systems; and
responsive to a request, correlating information that includes the data strings to generate a security context-specific response.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification